Aptible PaaS logoDocs
Search
⌘K
Product
Product DemoAppsDatabasesPlatformSecurity & Compliance
PricingCompany
Install CLI
Log In
Getting Started
Introduction to Aptible
Deploy a starter template
Deploy your custom code
Core Concepts
Apps
Managed Databases
Architecture
Scaling
Observability
Security & Compliance
Integrations
Billing & Payments
Reference
Aptible CLI
Dashboard
Terraform
Aptible Metadata Variables
Interface Feature Availability Matrix
Reliability Division of Responsibilities
Glossary
How-to Guides
App Guides
Database Guides
Observability Guides
Platform Guides
How to achieve HIPAA compliance on Aptible
How to create and deprovison dedicated stacks
How to create environments
How to delete environments
How to deprovision resources
How to handle vulnerabilities found in security scans
How to migrate environments
How to navigate security questionnaires and audits
How to restore resources
How to upgrade or downgrade my plan
How to set up Single Sign On (SSO)
Best Practices Guide
Advanced Best Practices Guide
How to navigate HITRUST Certification
Minimize Downtime Caused by AWS Outages
How to cancel my Aptible Account
How to reset my Aptible 2FA
Troubleshooting
Aptible Support
Common Errors & Issues
Feedback
Roadmap
Give feedback

How to achieve HIPAA compliance on Aptible

Learn how to achieve HIPAA compliance on Aptible, the leading platform for hosting HIPAA-compliant apps & databases

Overview

Aptible's story began with a focus on serving digital health companies. As a result, the Aptible platform was designed with HIPAA compliance in mind. It automates and enforces all the necessary infrastructure security and compliance controls, ensuring the safe storage and processing of HIPAA-protected health information and more.

This guide will cover the essential steps for achieving HIPAA compliance on Aptible.

HIPAA-Compliant Production Checklist

Prerequisites: An Aptible account on the Growth Plan or higher
  1. Provision a dedicated stack
    1. Dedicated stacks live on isolated infrastructure and are designed to support deploying resources with higher requirements— such as HIPAA. Aptible automates and enforces 100% of the necessary infrastructure security and compliance controls for HIPAA compliance. This includes but is not limited to:
      1. Network Segregation (see: stacks)
      2. Centralized IAM (see: access & permissions)
      3. Platform Activity Logging (see: activity)
      4. Automated Backups & Automated Backup Testing (see: database backups)
      5. Database Encryption at Rest (see: database encryption)
      6. End-to-end Encryption in Transit (see: database encryption)
      7. DDoS Protection (see: DDoS Protection)
      8. Automatic Container Recovery (see: container recovery)
      9. Intrusion Detection (see: HIDS)
      10. Host Hardening
      11. Secure Infrastructure Access, Development, and Testing Practices
      12. 24/7 Site Reliability and Incident Response
      13. Infrastructure Penetration Tested
  2. Execute a BAA with Aptible
    1. When you request your first dedicated stack, an Aptible team member will reach out to coordinate the execution of a Business Associate Agreement (BAA).

After these steps are taken, you are ready to process PHI! 🎉

Here are some optional steps you can take:

    1. Review the controls implemented for you, enhance your security posture by implementing additional controls, and share a detailed report with your customers.
  2. Show off your compliance with a Secured by Aptible HIPAA compliance badge
  3. Set up log retention
    1. Set up long-term log retention with the use of a log drain. All Aptible log drain integrations offer BAAs.

This document serves as a guide and does not replace professional legal advice. For detailed compliance questions, it is recommended to consult with legal experts or Aptible's support team.

How to achieve HIPAA compliance on Aptible
Aptible logo
Product
Resources
Support
Company
548 Market St #75826 San Francisco, CA 94104
© 2024. All rights reserved. Privacy Policy